The invention relates to a method and an arrangement for fraud detection and prevention in a telecommunications network, especially in a mobile communications network.
Modern telecommunications networks offer a subscriber several supplementary services in directing a call. Call Forwarding (CF) is a supplementary service which permits a called subscriber to have the network route all incoming calls to a preset number. Call Transfer (CT) is another supplementary service which permits a subscriber to transfer an established incoming or outgoing call to a third party. Such supplementary services pose the threat of fraud, making use of telecommunication services without the intent to pay. Typically, a fraudulent user applies for a subscription with false identity and with no intention to pay any telephone bills. The most common types of fraud are related to the ability to sell calls, such as forwarded or transferred calls. In such cases, the fraudulent user programs the desired telephone number as the forwarded-to number for the fraudulent subscription, after which the caller pays only for a local call, for example. Without good control large unpaid bills could be produced by calling expensive destinations such as Premium Rate or international numbers. It is very much in the interests of the network operators to detect the misuse and stop it at the earliest possible opportunity.
FIG. 1 of the attached drawing shows a simplified block diagram of the GSM mobile communications system. The mobile station MS is connected via a radio path to a base transceiver station BTS, in FIG. 1, to the base station BTS1. A base station sub-system BSS consists of a base station controller BSC and the base stations BTS controlled by it. A mobile services switching center MSC usually controls several base station controllers BSC and is connected to other mobile services switching centers and a GMSC (Gateway Mobile Services Switching Center). Via the GMSC the GSM network is connected to other networks, such as the PSTN (Public Service Telephone Network), another mobile communication network PLMN, the ISDN network, the intelligent network IN, or the short message service center SMSC. The operation of the entire GSM system is monitored by the operation and maintenance center OMC. Subscriber data of the mobile station MS is stored permanently in the Home Location Register HLR and temporarily in the Visitor Location Register VLR of the area in which the mobile station MS is currently located. Subscriber data contains information on all the services the subscriber is entitled to and the subscriber""s present location. The information as to the location of the mobile station MS is stored in the visitor location register VLR with the accuracy of a Location Area LA.
In order to limit possible fraudulent use of the network, parameters limiting the use of certain services are known to be set. These limiting parameters are common for all the subscribers. Typically, the parameters are activated for all the subscribers communicating through one network element, such as the switching center, or for none. One solution for preventing fraudulent call transfers in a radio telecommunications network is described in patent application WO 97/47152. The method in the publication restricts or disables the immediate call transfer feature if the number of call transfer requests exceeds a threshold number of requests within a predetermined time period. The method may also restrict or disable the call transfer feature if the transfer-to telephone number included in the call transfer request is not on a list of approved transfer-to telephone numbers.
The problem with known fraud prevention methods is that they provide only default values which are either used for each subscriber or not used. It is not possible to define parameter values on a subscriber basis. Yet the operator has varying needs to monitor the possible fraudulent use of different subscribers.
The object of this invention is to implement effective and flexible prevention of fraudulent use in a telecommunications network on a subscriber basis.
This is achieved through a method and an arrangement according to the invention characterized by what is stated in the independent claims. Special embodiments of the invention are presented in the dependent claims.
The invention is based on the idea that at least one fraud profile identified by an identifier is created and the identifier is included in the subscriber data of some subscribers. Based on this identifier the fraud restriction parameters of the subscriber are retrieved from the subscribers fraud profile, and these fraud restriction parameters are used in detecting and indicating possible fraudulent use. The fraud restriction parameters include values for different service limits, such as the maximum number of call forwarding requests and/or the maximum number of location updates during a certain period, and possibly at least for some features an action parameter related to a service limit and implemented when the service limit is reached.
The advantage of the method according to the invention is that the network operator is able to monitor and control the activities of the subscribers individually when the call is active. The system provides tools for the operator to monitor and limit the subscriber""s calls, including transferred and forwarded calls.
Another advantage of the method according to the invention is that the management of the fraud restriction parameters is simple.
The advantage of the arrangement according to the invention is that the subscriber data file is increased only by the identifier of one of the fraud profiles, which are centrally stored in a storage separate from the subscriber data.